Early last month, Adobe came under siege and the large company reported that somewhere around 3 million accounts were compromised. In their investigations, however, they have found that nearly 40 million accounts were compromised instead.

During the attack, customer IDs and passwords were exposed as well as encrypted credit cards, expiration dates and login information.

According to Adobe, until the investigations started, they were simply not aware that the damage was so widespread and, until recently, only required the 3 or so million accounts to reset their passwords. Since it was discovered that nearly ten times that many accounts were compromised, Adobe has responded with that many more reset requests to users. Some of the users were not active and had cancelled their subscriptions, but since Adobe keeps their information on file in case they wish to renew, they too will receive emails.

The hackers also acquired passwords to invalid accounts and test accounts, which accounted for a better part of a million affected accounts. However, Adobe has not finished their investigations into how many suspended and inactive accounts were affected, and the company continues to work day in and day out to finish their search. New emails alerting businesses and personal users alike go out each and every day.

So far, the company says they have not received any reports of unauthorized use of any Adobe account since the hack, however, which the company believes is due in part to their efforts to reset accounts and passwords that were stolen.

Adobe had this to say when they initially found out about the hack:

“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems.”

For more information and instructions on how to change your password and user ID if you haven’t received an email, you can visit Adobe’s security alert located here. Note that the company advises you change the password for all of your Adobe services if you use the same one (EchoSign, Behance, TypeKit, Marketing Cloud, and Connect Pro). All password resets are done through adobe.com/go/passwordreset and any email telling you otherwise is a phishing attempt, states the company.